Of the over two million complaints received in 2013, 290,056, or 14%, were identity theft related. American consumers reported losing over $1.6 billion to fraud in 2013.

Identity theft has actually been a problem for years.

“For decades, fugitives have changed identities to avoid capture, and check forgers have assumed the identity of others to negotiate stolen or counterfeit checks,” said Dennis Lormel of the FBI in testimony from 2002 to the Senate Judiciary Committee in Washington. “Advances in computer hardware and software along with the growth of the Internet has significantly increased the role that identity theft plays in crime.”

While identity theft already was a federal crime, the Identity Theft Penalty Enhancement Act would impose harsher punishments on convicted identity thieves, targeting those committing the theft but also potential users of stolen information in committing their own fraud.

When the Act was passed, it added two years to prison sentences for criminals convicted of using stolen credit card numbers and other personal data to commit crimes (“knowingly transferring, possessing, or using, without lawful authority, a means of identification of another person” during or in relation to specific felony violations). Also, it added five extra years to sentences of violators who used stolen personal data to commit terrorist offenses.

Because the Identity Theft Penalty Enhancement Act was created as a deterrent to identity thieves, there are no compliance regulations for businesses. However, there are safeguards that all workplaces can put in place to reduce the risk of identity theft.

What’s important to know in this case is that research has shown that workplace insiders are often to blame for data breach and identity theft incidents. Insider theft in 2013 increased 80% compared to 2012 figures according to the Identity Theft Resource Center. The number of data breaches attributed to employee error/negligence increased in 2013 by 72.7%.

How can a workplace keep private information private? Here are some guidelines:

Introduce a comprehensive document management policy that tracks information from creation to destruction. Don’t keep information that you don’t need to keep.

Limit access to personal information, and introduce protocols for sharing and disclosing information.

Partner with a knowledgeable shredding company that provides a secure chain of custody including locked consoles for information that needs to be destroyed, and a certificate of destruction after every shred. The shredding company should provide secure hard drive destruction as well.

Introduce a shred-all policy so that all information is destroyed when it is no longer needed. This simplifies the destruction process and reduces the risk of employee error.

Learn more about the Identity Theft Penalty Enhancement Act and ensure your business is in compliance.

Shred-it® is a Stericycle solution.North American Shred-it locations are NAID Certified for mobile document destruction, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.